Oh dear, I love how the seller tries to make them look good, but fails completely

"WOW! a rare chance to get an early first edition set of The Lord of The Rings Trilogy including a TRUE FIRST IMPRESSION of the Return of The King. Also included in the listing is a true first paperback edition 1st impression from 1961 (the first time The Hobbit appeared in paperback form).

The Fellowship of The Ring - 1955 4th impression (first published in 1954) - a rare early impression. Condition as per pics, split along the spine, marks and bumps to cover,brown spots to pages and the remains of a sticker to fep. Map present at back.

The Two Towers - 1959 sixth impression. again see pics. marks and bumps to cover, minor spine lean. Map present at back.

The Return of the King - 1955 FIRST impression - very rare!!!! - this is an ex-libris book with stamps/remains of stickers and has been rebound as per pics. Map present at back has some brown tape marks on it along with some tape repair. some spine lean. still a great chance to grab a first edition first impression."

I hope most members have changed their passwords on ebay, following the news that they were hacked and the entire database of ebay members was lost.

ebay have been very poor in how they dealt with this issue, they have taken a long time before informing members that it happened and I still have no email from them telling me to change my password.

They did not encrypt the user information in the database, only the password was encrypted.

So the hackers now have your name, ebay id, email addresses, your home address and possibly work address, phone numbers and dates of birth, all of which can be used to steal your identity. I expect the hackers would sell this information to other hackers, so confidential details are now out in the open.

As regards the encrypted passwords, these are stored as 'hashes', not as the original password. A 'hashed' password works in the following way.

When you enter your password at ebay, in plain-text, the web server encrypts it to form the 'hashed' password, and this 'hashed' password is compared with the encrypted password in the database. Hackers can use what are called 'rainbow' tables to reveal the original password, what they do is to take common dictionary words, words with a small number of characters and common passwords, and create the 'hashed' passwords for these passwords. They can then compare with the database that they took from ebay and find matches, if they find a match they know what the plain-text password was.

This is why it is important to have a different password for every web site that you use, if you had a relatively simple ebay password and used the same password on all your other sites then the hackers probably have access to all of those accounts as well.

Everyone on the board, who uses ebay, needs to be very mindful of identity fraud going forward as some of your personal details are now comprised and if you have not done so already then please change your password and look at a Password Manager.

While I agree with what you say, Trotter, most of what you list (as being possibly stolen) is either not private already (whether you like it or not), or not held by eBay. Your ID, name & address for example: for business sellers this is already public, is it not? All this is displayed in your listing, inc. phone numbers.

Fair enough, for private users, the linking of you ID to you real identity is not openly public; but if this is acquired this only really compromises you eBay account, does it not? My address? Sorry, this isn't private information. Telephone number &/or D.O.B.?; eBay doesn't have my telephone number or D.O.B. I do agree that the most significant link is probably your eBay password & your private email address; but only if you use the same or similar password(s). Another concern is the security of PayPal; no word on any breach there though.

Trotter, the whole problem with ID fraud (as I have firsthand knowledge of) is how little information is actually needed in order to commit fraud. It is utterly pointless you being super careful with these details when practically every company you deal with is not. I can guarantee you: all fraudsters need is a name & address on a bill. They can get incredibly far with this; not deliberately destroying your identity, just running up debts & leveraging capital with someone else's name. That's all they need.

BH

Posted on: 2014/5/23 14:08

_________________You drive a hard bargain – you can have it for £10 all-in – one consolation (for you) is that you do not have to hear the cries of my children, for bread...

Hopefully you put in a fake DOB when you created your account, because there is no way to see what you entered, or to change it, once you have your account. But fear not, it is a permanent part of your record now!